WebID-OIDC - Authentication question from Alexandre Bourlier on 2019-07-10 (public-solid@w3.org from July 2019)

From: Alexandre Bourlier <alex@startinblox.com>
Date: Wed, 10 Jul 2019 20:09:42 +0200
To: public-solid <public-solid@w3.org>, Dmitri Zagidulin <dzagidulin@gmail.com>
Cc: Jean-Baptiste Lemée <jean-baptiste@startinblox.com>, Sylvain Le Bon <sylvain@startinblox.com>
Message-ID: <CAHrPJyLLM3+yEjf9qUrkGz=rxuOGUxPibcQtVAukptDGkS+i6A@mail.gmail.com>

Hi Dmitri,
Hi everyone,

We are implementing the WebID-OIDC spec to authenticate our users.

We currently have two applications that we would like to authenticate via
WebID-OIDC :
 - the JS app that is running in the browser
 - the Prosody XMPP server
and probably more to come. This forces us to replicate steps 6 and 7 of the
spec <Deriving a WebID URI:> wherever the `ID token` validation happens.

*My question is : is it OK to implement a web service that will allow us to
factorize this code ? *

We could call that web service, passing it the `id token` and any relevant
parameters, and it would respond with the `webid` if the token was valid,
or with an explicit error message if it wasn't.

Sounds like a good idea to be but I might be missing something.
Your validation that this architecture would work and be WebID-OIDC
compliant would help us decide in which direction we go.

All the best !

-- 

Alexandre BOURLIER
06 51 71 08 21
https://happy-dev.fr <http://happy-dev.fr>
https://startinblox.com

Received on Thursday, 11 July 2019 02:47:04 UTC